summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/file.scm5
-rw-r--r--gnu/packages/patches/file-CVE-2019-18218.patch55
3 files changed, 2 insertions, 59 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 0ba01efcc6..4677c42979 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -852,7 +852,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/fbreader-curl-7.62.patch		\
   %D%/packages/patches/fifo-map-fix-flags-for-gcc.patch		\
   %D%/packages/patches/fifo-map-remove-catch.hpp.patch		\
-  %D%/packages/patches/file-CVE-2019-18218.patch		\
   %D%/packages/patches/findutils-localstatedir.patch		\
   %D%/packages/patches/findutils-test-rwlock-threads.patch	\
   %D%/packages/patches/flann-cmake-3.11.patch			\
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index cf770297c4..bac951f9c5 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -30,15 +30,14 @@
 (define-public file
   (package
     (name "file")
-    (version "5.37")
+    (version "5.38")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://ftp.astron.com/pub/file/file-"
                                   version ".tar.gz"))
-              (patches (search-patches "file-CVE-2019-18218.patch"))
               (sha256
                (base32
-                "0zz0p9bqnswfx0c16j8k62ivjq1m16x10xqv4hy9lcyxyxkkkhg9"))))
+                "0d7s376b4xqymnrsjxi3nsv3f5v89pzfspzml2pcajdk5by2yg2r"))))
    (build-system gnu-build-system)
 
    ;; When cross-compiling, this package depends upon a native install of
diff --git a/gnu/packages/patches/file-CVE-2019-18218.patch b/gnu/packages/patches/file-CVE-2019-18218.patch
deleted file mode 100644
index 21069823b7..0000000000
--- a/gnu/packages/patches/file-CVE-2019-18218.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Fix CVE-2019-18218:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218
-
-Patch copied from upstream source repository:
-
-https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
-
-From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Mon, 26 Aug 2019 14:31:39 +0000
-Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
-
----
- src/cdf.c | 9 ++++-----
- src/cdf.h | 1 +
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/cdf.c b/src/cdf.c
-index 9d6396742..bb81d6374 100644
---- a/src/cdf.c
-+++ b/src/cdf.c
-@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
- 				goto out;
- 			}
- 			nelements = CDF_GETUINT32(q, 1);
--			if (nelements == 0) {
--				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
-+			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
-+				DPRINTF(("CDF_VECTOR with nelements == %"
-+				    SIZE_T_FORMAT "u\n", nelements));
- 				goto out;
- 			}
- 			slen = 2;
-@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
- 					goto out;
- 				inp += nelem;
- 			}
--			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
--			    nelements));
- 			for (j = 0; j < nelements && i < sh.sh_properties;
- 			    j++, i++)
- 			{
-diff --git a/src/cdf.h b/src/cdf.h
-index 2f7e554b7..05056668f 100644
---- a/src/cdf.h
-+++ b/src/cdf.h
-@@ -48,6 +48,7 @@
- typedef int32_t cdf_secid_t;
- 
- #define CDF_LOOP_LIMIT					10000
-+#define CDF_ELEMENT_LIMIT				100000
- 
- #define CDF_SECID_NULL					0
- #define CDF_SECID_FREE					-1